<?php if(!session_id()) { session_start(); }
if(!isset($ver)) { include('../functions.php'); }
if ($_SESSION["pass"] != check($_SESSION["user"])) {
log_write('user', 'Possible hack attempt detected', 'Incorrect password specified for user');
die('HACK ATTEMPT: This attempted hack has been logged along with your IP');
exit;
} elseif(!isset($_SESSION["pass"])) {
log_write('user', 'Possible hack attempt detected', 'No password specified for user: '.$_SESSION["user"]);
die('HACK ATTEMPT: This attempted hack has been logged along with your IP');
exit;
} if($_SESSION["power"] != 'Administrator') {
log_write('admin', $_SESSION["user"].' has attempted to access the Admin area', 'Security Breach');
header("Location: /");
exit;
}
 function adduser($passErr) {
	global $home, $userpath;
echo <<<AOE
<style type="text/css">
.smalltext
{
    FONT-SIZE: 11px;
    COLOR: #333333;
    FONT-FAMILY: Verdana, Arial, Helvetica;
}
</style>
<form name="addUser" action="" method="post">
								<fieldset>
        		 	                <legend><img src='images/admin.gif' align='absmiddle' />&nbsp; Create a new user account</legend>
        		 	                <table style='width: 100%; border: 0px; padding:0px' cellspacing='0' width="1113" height="98">
										<tr>
            		 	                    <td class='title'>User Name:</td>
            		 	                    <td class='content' colspan="2"><input type='text' onkeyup="udtf('{$home}',this.value);" class='sql_form' name='user' /></td>
            		 	                	<td height="24">&nbsp;</td>
										</tr>
										<tr>
            		 	                    <td class='title'>Password:</td>
            		 	                    <td class='content' colspan="2"><input type='password' class='sql_form' name='password' /></td>
            		 	                	<td height="24">&nbsp;</td>
										</tr>
										<tr>
            		 	                    <td class='title'>Confirm Password:</td>
            		 	                    <td class='content' colspan="2"><input type='password' class='sql_form' name='confirm_password' /></td>
            		 	                	<td height="24">&nbsp;</td>
										</tr>
										<tr>
										  <td class='title'>Power:</td>
										  <td class='content' colspan="2">
<input type='radio' name='power' value='user' />&nbsp;User&nbsp;<input type='radio' name='power' value='admin' />&nbsp;Admin</td>
										  <td height="24">&nbsp;</td>
									  </tr>
            		 	            </table>
								$passErr
            		 	        </fieldset>
								<div>&nbsp;</div>
        		 	            <fieldset>
        		 	                <legend><img src='images/addresses.gif' align='absmiddle' />&nbsp; Address details</legend>

        		 	                <table style='width: 100%; border: 0px; padding:0px' cellspacing='0'>
            		 	                <tr>
            		 	                    <td width='30%' class='title'>Home Directory:</td>
            		 	                    <td width='70%' class='content'><input type='text' disabled='true' class='sql_form' name='home_dir' value='Please enter a user name' /></td>
            		 	                </tr>

        		 	                	<tr>
            		 	                    <td width='30%' class='title'>Trash Directory:</td>
            		 	                    <td width='70%' class='content'><input type='text' class='sql_form' disabled='true' name='trash_dir' value='Please enter a user name' /></td>
            		 	                </tr>
            		 	                <tr>
            		 	                    <td width='30%' class='title'>Trash File Location:</td>
            		 	                    <td width='70%' class='content'><input type='text' disabled='true' class='sql_form' name='trash_file' value='Please enter a user name' /></td>
            		 	                </tr>
            		 	            </table>
							<input type="hidden" name="userpath" value="{$userpath}" />
							<input type="button" class="nButton" name="addUsr" onclick="javascript:addusr('admin/adduser.php','POST');" value="Add User" />
            		 	        </fieldset></form>
AOE;
} // End adduser function
if(isset($_POST['user'])) { 
/*****[BEGIN]******************************************
 [ Base:     oPanel add user function          v1.0.0 ]
 ******************************************************/
if($_POST['password'] != $_POST['confirm_password']) { $error = '<center><font color="red">The passwords you typed do no match.</font></center>'; }
if($_POST['home_dir'] == '' || $_POST['trash_dir'] == '' || $_POST['trash_file'] == '' || $_POST['power'] == 'undefined' || $_POST['password'] == '' || $_POST['confirm_password'] == '') { $error = '<center><font color="red">A require feild is missing.</font></center>'; }
$paths = $_POST['userpath'];
$lines = scandir($paths);
foreach ($lines as $line_num => $line) {
if ($line != ".") {
 if ($line != "..") {
$type = strrchr($line,'.');
  if (!(is_dir($paths.$line))) {
if($type == ".opuf") {
$file = str_replace('.opuf', '', $line);
if($file == $_POST['user']) { $error='<center><font color="red">There is already a user with this user name.</font></center>'; }
} } } }
} // end foreach
if ($_POST['power'] == 'admin') { $pw = 'Administrator'; } else { $pw = 'User'; }
$userfile=' - User Password And Access Info -
Password="'.crypt(md5($_POST['password']), md5($_POST['user'])).'"
Power="'.$pw.'"
 - User Settings -
Home="'.$_POST['home_dir'].'"
trashdir="'.$_POST['trash_dir'].'"
trashfile="'.$_POST['trash_file'].'"
 - Login Information -
LoginAttempts="1"
LastLogin="00.00.00, 00:00:00"
IP="0.0.0.0"
----------------
oPanel User File';
$nUF = USERS_PATH.$_POST['user'].'.opuf';
if($fp = @fopen("$nUF","w+")) {
$content = stripslashes($userfile);
fwrite($fp, $content);
fclose($fp); } else { $error = '<center><font color="red">The user folder is not writable</font></center>'; }
if(isset($error) && $error != '') { echo adduser($error); exit; }
echo <<<EOA
<fieldset><legend>New User</legend>
A new user has been created for opanel with the following details:<br />
<table width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td class='title' width="30%">User Name:</td>
    <td width="86%">{$_POST['user']}</td>
  </tr>
  <tr>
    <td class='title'>Password:</td>
    <td>{$_POST['password']}</td>
  </tr>
  <tr>
    <td class='title'>Power:</td>
    <td>{$pw}</td>
  </tr>
  <tr>
    <td class='title'>Home Directory:</td>
    <td>{$_POST['home_dir']}</td>
  </tr>
  <tr>
    <td class='title'>Trash Directory:</td>
    <td>{$_POST['trash_dir']}</td>
  </tr>
  <tr>
    <td class='title'>Trash File Location:</td>
    <td>{$_POST['trash_file']}</td>
  </tr>
</table>
Note: When the user logs in for the first time they will be required to change their password.</fieldset>
EOA;
/*****[END]********************************************
 [ Base:     oPanel add user function          v1.0.0 ]
 ************************/}/***************************/
  else {
	echo adduser('');
 }
?>